Yogesh Jilhawar

Reputation: 6323

Where can I find TLS certificates for elasticache redis cluster

Being very new to elasticache, I'm trying to connect to it from an instance running in a different VPC. It works perfectly fine when the client is within the VPC over TLS, as there is no need to pass TLS certificates (we just need to pass the "--tls" option to redis-cli). But when I try the same from redis-cli running in another VPC, it won't work.

Note: here, I have established connectivity using VPC peering as mentioned in their documentation. I verified it by passing the "--insecure" option to redis-cli.

root@e142187efd96:/data# redis-cli -c --tls -h HOST -a asdfghjklzxcvbnm --insecure
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
HOST:6379>

I got the certificate for my elasticache server using the openssl command below:

openssl s_client -showcerts -connect HOST:6379

and passed the obtained certificate to redis-cli as:

redis-cli -c --tls -h HOST -a asdfghjklzxcvbnm --cacert cert.crt

It threw the error below:

Could not negotiate a TLS connection: Invalid CA Certificate File/Directory
Could not negotiate a TLS connection: Invalid CA Certificate File/Directory
not connected>

As per my understanding, I need to pass a certificate and key as well. But I don't know where I can find them or how to pass them.

Upvotes: 6

Views: 9475

Answers (1)

ddubson

Reputation: 164

For AWS Elasticache, you do not need to explicitly pass in a --cacert value to your redis-cli.

The important part here is to have the proper common CA certificates registered; you may do this on your client system via:

# Debian example
apt-get install ca-certificates

Once you have it installed, you can run:

redis-cli --tls -h <elasticache-host> -a <authstring>

Hope this helps.

Upvotes: 12
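The answer's point is that the server certificate obtained with `openssl s_client -showcerts` is the leaf (plus its intermediates), not a CA store, and that an ElastiCache endpoint chains to a publicly trusted root, so the distro's CA bundle is what `--cacert` would otherwise need. The following script is an added example, not code from the question or the answer: it splits `-showcerts` output into one PEM file per certificate so each subject/issuer can be inspected, and wraps the check that the live chain verifies against the system bundle. The `split_chain` and `verify_against_system_bundle` function names, the `SAMPLE_SCLIENT_OUTPUT` text (a constructed sample with placeholder certificate bodies, not real certificates) and the Debian bundle path `/etc/ssl/certs/ca-certificates.crt` are assumptions for the example; `verify_against_system_bundle` needs network access to a real endpoint and is not exercised by the offline sample.

```shell
#!/bin/sh
# Added example (not from the original question or answer).
# Splits the output of `openssl s_client -showcerts` into one PEM file per
# certificate, then shows how to verify a live endpoint's chain against the
# system CA bundle. The sample s_client output below is constructed for
# offline use; the certificate bodies are placeholders, not real certificates.

# Read s_client output on stdin, write each PEM block to $1/cert-N.pem
# (N = position in the chain, 1 = leaf) and print how many were found.
split_chain() {
    outdir=$1
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem" }
        f { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
        END { print n + 0 }
    '
}

# Constructed sample resembling `openssl s_client -showcerts` output for a
# two-certificate chain (leaf, then intermediate). Hostnames and CA names are
# made up; bodies are dummy text.
SAMPLE_SCLIENT_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = *.example-cache.use1.cache.amazonaws.com
   i:C = US, O = Example CA, CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
LEAFCERTPLACEHOLDERLINE1
LEAFCERTPLACEHOLDERLINE2
-----END CERTIFICATE-----
 1 s:C = US, O = Example CA, CN = Example Intermediate CA
   i:C = US, O = Example CA, CN = Example Root CA
-----BEGIN CERTIFICATE-----
INTERMEDIATECERTPLACEHOLDERLINE1
-----END CERTIFICATE-----
---
Server certificate
subject=CN = *.example-cache.use1.cache.amazonaws.com
---
'

# Print the leaf subject/issuer of a live endpoint and the OpenSSL verify
# result against the system bundle. Requires network access and a real host;
# the bundle path is the Debian default installed by ca-certificates
# (assumption: adjust for other distros).
verify_against_system_bundle() {
    host=$1
    port=${2:-6379}
    bundle=${3:-/etc/ssl/certs/ca-certificates.crt}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer
    # "Verify return code: 0 (ok)" means the chain reaches a root in $bundle,
    # which is exactly the condition under which redis-cli --tls works
    # without --cacert.
    openssl s_client -connect "$host:$port" -servername "$host" \
        -CAfile "$bundle" -verify_return_error </dev/null 2>&1 \
        | grep -E '^Verify return code:'
}

# Demo on the constructed sample: extract the chain into a temp directory.
workdir=$(mktemp -d)
count=$(printf '%s\n' "$SAMPLE_SCLIENT_OUTPUT" | split_chain "$workdir")
echo "extracted $count certificate(s) into $workdir"
```

With a real capture, run `openssl x509 -noout -subject -issuer -in "$workdir/cert-1.pem"` on each extracted file: the last certificate's issuer names the root that must already be in the system bundle, which is why installing `ca-certificates` and dropping `--cacert` is the fix rather than pointing `--cacert` at the leaf.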
